In The Claims 

Please add or amend the claims to read as follows and cancel without prejudice 
claims marked as cancelled: 

What is claimed is: 

1. (Cancelled) 

2. (Currently Amended) The system of claim [[1]] 21 further comprising of a 
filtering module installed en — at the at least one e aeh— server for blocking 
unauthorized processes activities in accordance with determined authorization 
level . 

3. (Currently Amended) The system of claim [[1]] 2J_ whoroin the systom further 
includes comprising at least one agent installed on one of the protoctod the at least 
one serve rs within the server network e nvironment , said agent enables correlating 
between processes and sessions on different servers. 

4. (Currently Amended) The system of claim [[1]] 21. wherein each process 
comprises a process information vector, -wherein for each process an identification 
code of the idontifiod communication session is addod the session ID of the original 
session is added to the process information vecto r of each process in the sequence 
related to said original session . 

5. (Previously Presented) The system of claim 4 wherein the identification code 
replaces redundant information in the process information vector. 

6. (Currently Amended) The system of claim [[1]] 21 wherein the processes 
operated by each original session are associated to the idontifiod communication 
original session 's session ID by a unique process identifier. 

7. (Currently Amended) The system of claim [[1]] 21 wherein the identified session 
properties are sign in parameters. 
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8. 
9. 
10. 

11. 

12. 

13. 
14. 



15. 
16. 

17. 



(Currently Amended) The system of claim [[1]] 21 wherein the identified session 
properties are initial session type parameters. 

(Currently Amended) The system of claim [[1]] 2J_ wherein the identified session 
properties are hyperlink session address type parameters. 

(Currently Amended) The system of claim 6 -21 wherein the communication 
original session is identified according to a unique Transmission Control Protocol 
(TCP) port ID. 
(Cancelled) 

(Currently Amended) The method of claim 44-22 further comprising the step of 
filtering processes activities in accordance with the determined authorization level 
associated with the session ID of each process . 

(Currently Amended) The method of claim 44-22 further comprising the step of 
correlating between process and sessions on different servers within the server 
network environment. 

(Currently Amended) The method of claim 44-22 wherein the association of the 
session ID to the original session and its related processes includes the step of 
adding an identification code of the identified communication session to the 
process information vector. 

(Previously Presented) The method of claim 14 wherein the identification code 

replaces redundant information in the process information vector. 

(Currently Amended) The method of claim 44—22 wherein the processes are 

associated to the idcntifiod communication original session by a unique process 

identifier. 

(Currently Amended) The method of claim 44-22 wherein the identified original 
session properties are sign in parameters. 
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18. (Currently Amended) The method of claim 44-22 wherein the identified original 
session properties are initial session type parameters. 

19. (Currently Amended) The method of claim 44-22 wherein the identified original 
session properties are hyperlink session address type parameters. 

20. (Currently Amended) The method of claim 44-22 wherein the communication 
original session is identified associated with according to a unique Transmission 
Control Protocol (TCP) port ID. 

21. (New) A security system for real time monitoring and controlling of communication 
sessions within a network server environment, wherein each original session enables 
operating a sequence of processes including operations carried out in the server 
environment, 

said system comprising: 

at least one server enabling to communicate with a multiplicity of client users 
via at least one communication network, wherein each client user enables accessing 
portals and operating sessions in the portals; and 

at least one module operated by said at least one server, 
wherein said at least one module enables associating a session ID to the original 
session of the client user and to each process in the sequence of processes operated 
by said original session, wherein said session ID enables determining an 
authorization level of session in accordance with predefined determination rules, 
wherein said determination rules refer to the properties of the original session, 
wherein each session ID is related to the manner in which the client user has 
operated the original session, 

wherein each process in the sequence is associated, in real time, with the same 
session ID of the original session, enabling said module to continuously monitor 
operation of each process of each client user, while the at least one server enables 



operating the processes of each original session according to the authorization level 
related to the session ID. 
22. (New) A computer implemented method for real time monitoring and controlling of 
communication sessions within a network server environment, wherein each 
original session enables operating a sequence of processes including operations 
carried out in the server environment, 
said method comprising:: 

- associating each original session with a session ID, wherein said session ID; 

- associating the session ID of the original session to each process in the sequence 
operated by the original session, in real time; 

determining authorization level related to the session ID in accordance with 
predefined rules, wherein said rules refer to the properties of the original 
session; 

- continuously monitoring and operating each process in the process sequence 
associated with the original session, according to the authorization level related 
to the session ID of each process. 
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Status of Claims 
Claims 2-4, 6-10, 12-14 and 16-20 have been amended. 
Independent Claims 1 and 1 1 have been cancelled. 
Independent Claims 2 1 and 22 have been added. 

Claims 21 and 22 have been added to distinctively point out the subject matter 
which the Applicants regard as the invention. 

The Applicants respectfully assert that the amendments to the claims and the new 
claims add no new matter. 
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